- Flash a stock Armbian image suitable for the RBPi or similar device
- To use all space on the flashed disk, grow the root partition to full size using gparted or parted
- Plug in a serial probe (USB / UART) or connect via RJ45 to a DHCP enabled local network
- Boot for the first time and log in either via serial console or via network (the hostname will be something like rpi4b; the Armbian default login is root with password 1234)
- Armbian initial setup:
  - Set the common admin password for the root user
  - Use the common admin username for the new principal user
  - Do not set the language based on location, but choose en_US, continent Europe, Switzerland
- Install the cpupower utilities:
    sudo apt install linux-cpupower
- Make sure we're using a modern, scheduler-driven CPU frequency governor:
    sudo cpupower frequency-set --governor schedutil

Enter
    sudo armbian-config
to set up the system.
- System ⇒ Avahi ⇒ enable
- Personal ⇒ Hostname ⇒ set (auth, services, …)
- Enter the network config:
    sudo nmtui
- Add local WiFi for more comfortable access during further configuration (under "Activate…")
- Follow the instructions on https://docs.docker.com/engine/install/debian/#install-using-the-repository (the "uninstall" section can be skipped)
- Also run
    sudo apt upgrade
  to update all packages to the latest versions
For easy troubleshooting, the server should always work plug-and-play by connecting it to any DHCP enabled network, via RJ45. For more comfort, a personal WiFi connection may be left configured in case of an intervention.
Our network has an internal administration subnet and a 'services' subnet. All servers shall be present in both and thus need two logical network interfaces configured for their Ethernet interface.
Depending on their role, the primary network used as an internet gateway may be the admin subnet or the services subnet. This choice determines via which external address it will be reachable for chosen services. The 2nd subnet shall not be used as a default gateway, because this would break the routing.
To reduce configuration overhead for all individual servers, all interfaces shall use DHCP for address and routing assignment. If they need a fixed address, it is configured on the routers, using their MAC address to pin them to a specific IP.
The default Ethernet link can be used as-is to connect to the admin subnet since it is managed using DHCP and untagged packets.
To connect to the services subnet, a VLAN based connection needs to be added:
- Enter the network config:
    sudo nmtui
- "Edit a Connection" ⇒ "Add" ⇒ "VLAN" ⇒ "Create"
- "Name" = "services"
- "Parent" = "end0" (the name of the Ethernet device)
- "VLAN id" = 2200 (current public services VLAN)
- Under both "IPv4" and "IPv6" ⇒ "Show" ⇒ select "Never use this network for default route"
Once the device is connected to the building network, you can check the acquired addresses with
    ip addr list
Those will have the admin network as their primary subnet. That means the default Ethernet link can be used as the default gateway, and the 2nd connection is reachable from the internal network only. The Services Subnet configuration can be left as-is.
If the servers should be reachable via the shared internet's public address for common services, the Services Subnet needs to become the primary gateway.
- Enter the network config:
    sudo nmtui
- "Edit a Connection" ⇒ "Wired Connection 1" ⇒ "Edit"
- Deactivate the Default Route
- "Edit a Connection" ⇒ "services" ⇒ "Edit"
- Activate the Default Route (unselect the option)
Note: after doing this, the device will not have internet connection when connected to a home network via RJ45. It will only get a gateway route when connected to the services VLAN or via another medium (such as WiFi).
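
To verify the rule that only one of the two wired subnets may act as default gateway, the following check (an added example, not part of the original procedure) reads the default-route listing and fails if the wrong wired interface carries a default route. It assumes the VLAN device is named end0.2200; the sample listings are constructed and use documentation address ranges.

```bash
#!/usr/bin/env bash
# Added example: check which wired interface carries the default route.
# Assumption: the VLAN device is named end0.2200 (parent end0, VLAN id 2200);
# substitute the device name that "ip addr list" shows on your system.

# Print the unique devices that carry a default route.
# stdin: output of "ip -4 route show default" / "ip -6 route show default"
default_route_devs() {
    awk '$1 == "default" {
             for (i = 2; i < NF; i++) if ($i == "dev") print $(i + 1)
         }' | sort -u
}

# check_gateway GATEWAY_IF OTHER_IF   (route listing on stdin)
# Succeeds only if GATEWAY_IF has a default route and OTHER_IF has none.
# Further devices (e.g. a maintenance WiFi link) are reported but tolerated.
check_gateway() {
    gateway_if="$1"; other_if="$2"; status=0
    devs="$(default_route_devs)"
    if ! printf '%s\n' "$devs" | grep -qxF -- "$gateway_if"; then
        echo "FAIL: no default route via $gateway_if"; status=1
    fi
    if printf '%s\n' "$devs" | grep -qxF -- "$other_if"; then
        echo "FAIL: $other_if must not carry a default route"; status=1
    fi
    for d in $devs; do
        case "$d" in
            "$gateway_if"|"$other_if") ;;
            *) echo "NOTE: additional default route via $d" ;;
        esac
    done
    [ "$status" -eq 0 ] && echo "OK: default route via $gateway_if"
    return "$status"
}

# Constructed sample listings (documentation address ranges, not real output).
SAMPLE_ADMIN_PRIMARY='default via 192.0.2.1 dev end0 proto dhcp src 192.0.2.10 metric 100
default via fe80::1 dev end0 proto ra metric 100 pref medium'
SAMPLE_BOTH_DEFAULT='default via 192.0.2.1 dev end0 proto dhcp src 192.0.2.10 metric 100
default via 198.51.100.1 dev end0.2200 proto dhcp src 198.51.100.10 metric 400'
SAMPLE_SERVICES_PRIMARY='default via 198.51.100.1 dev end0.2200 proto dhcp src 198.51.100.10 metric 400
default via 203.0.113.1 dev wlan0 proto dhcp src 203.0.113.20 metric 600'

# On a live host:
#   { ip -4 route show default; ip -6 route show default; } | check_gateway end0 end0.2200
```

For a server whose primary gateway is the services subnet, swap the two arguments (check_gateway end0.2200 end0).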